It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

In the news

Following a class-action lawsuit over Google’s handling of user data in its Chrome browser’s “Incognito” private browsing mode, the search company will expunge “billions of event-level data records that reflect class members’ private browsing activities” improperly collected before January 2024. It also updated its Incognito landing page to highlight that even Google can discern your activities in private browsing mode. Additionally, the company will be required to delete data that makes users’ private browsing data personally identifiable, such as IP addresses. Read more.

What you can do

• I used to conduct privacy and security research for Chrome, so let me tell you, there is a lot of publicly available research on private browsing. Prior research suggests many people overestimate the privacy protections of the private browsing mode in all major browsers. That’s why you should read about what private browsing mode does and doesn’t do. When using private browsing, you are only deleting browsing history on your device, so this really only helps you if your concern is someone else picking up your computer and looking at the browsing history. As soon as you connect to a website, that website has a record of your visit. All code running on those websites — including code from Google, such as Google Analytics — can still track your browsing mode in Incognito mode.

• If your concern, instead, is that your internet service provider, or even the websites you connect to, can determine your location or see your IP address, you might actually want to consider a virtual private network. A VPN encrypts and tunnels your web traffic through a remote server before you connect to the web, so you may appear to be connecting from somewhere remote — perhaps even another country. But because the VPN provider gets to see all of your traffic, you really need to trust it. Don’t use a free VPN, because it might make its money selling your traffic data. Read our guide to choosing a reputable VPN. Note that even a VPN doesn’t make you invisible — it just moves the traffic to somewhere else, where it may still be surveilled by anyone who can capture it.

Updates from our team

• We made some updates to the slides and activities in our U.S. Journalism School Digital Security Curriculum in response to recent changes to Signal. Those changes allow people to connect with usernames instead of phone numbers. If you or someone in your orbit are interested in security education for J-schools, check it out here.

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,

Martin